Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for setting a trap to detect if an intruder has compromised a client end station in an attempt to gain unauthorized access to enterprise data provided by a server executing on a server end station, wherein the client end station comprises a set of one or more user data files storing user data accessed through a set of one or more applications and further comprises a configuration repository storing application configuration data used by the set of one or more applications to configure the operation of the set of one or more applications, the method comprising: causing a honey token to be placed on the client end station secluded within the application configuration data stored in the configuration repository, wherein the configuration repository is one of a data source name (DSN) data structure, a Windows registry database, an application configuration file, and a local storage of a web browser, wherein the honey token is one or more of metadata and instructions indicating how one or more of the set of one or more applications can seemingly access the enterprise data provided by the server, wherein the honey token is invalid and does not allow access to any of the enterprise data provided by the server, wherein the server is unaware of the honey token, wherein the honey token is a reverse honey token in that it is placed on the client end station and not on the server, wherein the causing the honey token includes transmitting a custom generation program to the client end station, and wherein the client end station executes the custom generation program to create the honey token; and causing a set of one or more attribute values to be installed on a security gateway implemented in an electronic device and coupled between the client end station and the server, wherein the set of one or more attribute values are to be utilized for a security rule that causes the security gateway to, monitor network traffic for attempted use of the honey token to gain access to the enterprise data provided by the server, and generate an alert when a set of one or more packets that include the honey token are received.
2. The method of claim 1 , wherein the security rule further causes the security gateway to: block the set of one or more packets from reaching the server by not forwarding the set of one or more packets toward the server.
3. The method of claim 1 , wherein said causing the set of one or more attribute values to be installed on the security gateway comprises: transmitting the set of one or more attribute values to the security gateway.
4. The method of claim 1 , further comprising: causing one or more different honey tokens, based upon a time schedule, to be placed on the client end station.
5. The method of claim 4 , further comprising: causing, responsive to receiving the set of one or more packets that include the honey token, an estimated time that the client end station was compromised to be presented to a user, wherein the estimated time is determined based upon the honey token and the time schedule.
6. The method of claim 1 , wherein the honey token comprises at least one of: a database name; a database table name; and a database query.
7. The method of claim 1 , wherein the honey token comprises at least one of: a filename; and a file system path.
8. The method of claim 1 , wherein the honey token comprises at least one of: a URI; and a cookie value of a HyperText Transfer Protocol (HTTP) cookie.
9. The method of claim 1 , wherein the honey token comprises a network address.
10. The method of claim 1 , wherein the set of one or more attribute values comprises a part of the honey token that is less than all of the honey token.
11. A system for setting a trap to detect if an intruder has compromised a client end station in an attempt to gain unauthorized access to enterprise data provided by a server executing on a server end station, wherein the client end station comprises a set of one or more user data files storing user data accessed through a set of one or more applications and further comprises a configuration repository storing application configuration data used by the set of one or more applications to configure the operation of the set of one or more applications, the system comprising: a reverse honey token management module, distinct from the client end station, that, causes a honey token to be placed on the client end station secluded within the application configuration data stored in the configuration repository, by transmission of a custom generation program to the client end station, wherein the client end station executes the custom generation program to create the honey token, wherein the configuration repository is at least one of a data source name (DSN) data structure, a Windows registry database, an application configuration file, and a local storage of a web browser, wherein the honey token is one or more of metadata and instructions indicating how one or more of the set of one or more applications can seemingly access the enterprise data provided by the server, wherein the honey token is invalid and does not allow access to any of the enterprise data provided by the server, wherein the server is unaware of the honey token, and wherein the honey token is a reverse honey token in that it is placed on the client end station and not on the server, and causes a set of one or more attribute values to be installed on a security gateway to cause the security gateway to utilize a security rule to detect an attempted use of the honey token to gain access to the enterprise data provided by the server; and the security gateway implemented in an electronic device and coupled between the client end station and the server that, monitors network traffic, using the security rule and the set of one or more attribute values, for the attempted use of the honey token, and generates an alert when a set of one or more packets that include the honey token are received.
12. The system of claim 11 , wherein the security rule further causes the security gateway to: block the set of one or more packets from reaching the server by not forwarding the set of one or more packets toward the server.
13. The system of claim 11 , wherein the reverse honey token management module causes the set of one or more attribute values to be installed on the security gateway by being configured to: transmit the set of one or more attribute values to the security gateway.
14. The system of claim 11 , wherein the reverse honey token management module is further configured to: cause one or more different honey tokens, based upon a time schedule, to be placed on the client end station.
15. The system of claim 14 , wherein the security gateway is further configured to: cause, responsive to receiving the set of one or more packets that include the honey token, an estimated time that the client end station was compromised to be presented to a user, wherein the estimated time is determined based upon the honey token and the time schedule.
16. The system of claim 11 , wherein the honey token comprises at least one of: a database name; a database table name; and a database query.
17. The system of claim 11 , wherein the honey token comprises at least one of: a filename; and a file system path.
18. The system of claim 11 , wherein the honey token comprises at least one of: a URI; and a cookie value of a HyperText Transfer Protocol (HTTP) cookie.
19. The system of claim 11 , wherein the honey token comprises a network address.
20. The system of claim 11 , wherein the set of one or more attribute values comprises a part of the honey token that is less than all of the honey token.
21. A non-transitory computer-readable storage medium comprising instructions for one or more processors, which, when executed by the one or more processors, cause the one or more processors to perform operations for setting a trap to detect if an intruder has compromised a client end station in an attempt to gain unauthorized access to enterprise data provided by a server executing on a server end station, wherein the client end station comprises a set of one or more user data files storing user data accessed through a set of one or more applications and further comprises a configuration repository storing application configuration data used by the set of one or more applications to configure the operation of the set of one or more applications, wherein the operations for setting a trap comprise: causing a honey token to be placed on the client end station secluded within the application configuration data stored in the configuration repository, wherein the configuration repository is at least one of a data source name (DSN) data structure, a Windows registry database, an application configuration file, and a local storage of a web browser, wherein the honey token is one or more of metadata and instructions indicating how one or more of the set of one or more applications can seemingly access the enterprise data provided by the server, wherein the honey token is invalid and does not allow access to any of the enterprise data provided by the server, wherein the server is unaware of the honey token, and wherein the honey token is a reverse honey token in that it is placed on the client end station and not on the server, wherein the causing the honey token includes transmitting a custom generation program to the client end station, and wherein the client end station executes the custom generation program to create the honey token; and causing a set of one or more attribute values to be installed on a security gateway coupled between the client end station and the server, wherein the set of one or more attribute values are to be utilized for a security rule that causes the security gateway to, monitor network traffic for attempted use of the honey token to gain access to the enterprise data provided by the server, and generate an alert when a set of one or more packets that include the honey token are received.
22. The non-transitory computer-readable storage medium of claim 21 , wherein the security rule further causes the security gateway to: block the set of one or more packets from reaching the server by not forwarding the set of one or more packets toward the server.
23. The non-transitory computer-readable storage medium of claim 21 , wherein said causing the set of one or more attribute values to be installed on the security gateway comprises: transmitting the set of one or more attribute values to the security gateway.
24. The non-transitory computer-readable storage medium of claim 21 , wherein the operations for setting a trap further comprise: causing one or more different honey tokens, based upon a time schedule, to be placed on the client end station.
25. The non-transitory computer-readable storage medium of claim 24 , wherein the operations for setting a trap further comprise: causing, responsive to receiving the set of one or more packets that include the honey token, an estimated time that the client end station was compromised to be presented to a user, wherein the estimated time is determined based upon the honey token and the time schedule.
26. The non-transitory computer-readable storage medium of claim 21 , wherein the honey token comprises at least one of: a database name; a database table name; and a database query.
27. The non-transitory computer-readable storage medium of claim 21 , wherein the honey token comprises at least one of: a filename; and a file system path.
28. The non-transitory computer-readable storage medium of claim 21 , wherein the honey token comprises at least one of: a URI; and a cookie value of a HyperText Transfer Protocol (HTTP) cookie.
29. The non-transitory computer-readable storage medium of claim 21 , wherein the honey token comprises a network address.
30. The non-transitory computer-readable storage medium of claim 21 , wherein the set of one or more attribute values comprises a part of the honey token that is less than all of the honey token.
Unknown
March 3, 2015
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.